In June 2015, the U.S. Office of Personnel Management (OPM) announced a substantial data breach, marking one of the most significant breaches in U.S. government history. Initially, the breach was reported to affect personnel records of 4.2 million former and current government employees. However, further analysis estimated that up to 21.5 million individuals could have been affected.
The breach reportedly began with a successful spear-phishing attempt, leading to the installation of malware on OPM’s network. From there, the attackers mapped the network and escalated privileges to gain access to a wealth of sensitive information.
The OPM breach led to significant changes in the U.S. government’s approach to cybersecurity, including increased budget allocations for cybersecurity initiatives, the hiring of a new CISO, and a commitment to improving the security of federal IT systems.